Apr 23 2014

Symantec Details the Latest Threats to Government Cybersecurity

The 2014 Internet Security Threat report shows just how vulnerable agencies are.

A new report from Symantec on the state of Internet security underscores just how vulnerable many organizations remain to numerous cyberthreats lurking around the web.

Symantec's 2014 Internet Security Threat report covers the expansive breadth of cybersecurity threats that occurred over the past year. For government IT personnel, some of Symantec’s findings should come as no surprise.

The report highlights just how many government offices are subjected to cyberattacks, with public administration ranking as the most targeted by spear-phishing attempts in 2013. Public administration also ranked as the second-most likely industry to be targeted.

Top Three Types of Information Obtained:

1. Real names
2. Birth dates
3: Government ID numbers

Spear Phising For Government Data

Spear phishing, an increasingly common tactic among cybercriminals, targets particular individuals or organizations by using privileged information to increase the likelihood that an attack will be successful. Essentially, your personal information is used maliciously, in hopes of catching you unawares.

The danger isn't limited to the largest agencies or governments. In 2013, sixty-one percent of spear-phishing attacks targeted organizations with fewer than 2,500 employees; 30 percent of attacks were aimed at organizations with fewer than 250 workers.

To combat spear phishing, IT professionals should pay particular attention to advising employees who are most likely to be targeted. According to Symantec, personal assistants, senior managers and those working in the media are especially vulnerable.

The Rise of Mobile Threats and 'Mega Breaches'

Agencies looking to more quickly adopt mobile principles should be cautious: As mobility becomes a crucial component of the workplace and the mobile web expands, so do the efforts of cybercriminals.

Thirty-eight percent of mobile users worldwide experienced a form of cybercrime in 2013. And though many users are storing sensitive files on their phones or sharing login information with friends, just 50 percent have employed the most basic security precautions. Overall, security breaches increased by 62 percent between 2012 and 2013, but that figure doesn't account for the increased scale of each individual breach.

Dubbed "mega breaches," these attacks expose the personal information of millions of people at a time and are becoming more common. The number of personal identities obtained through breaches has doubled since 2011, increasing to 552 million in 2013.

"Nothing breeds success like success — especially if you're a cybercriminal. The potential for huge paydays means large-scale attacks are here to stay. Companies of all sizes need to re-examine, re-think and possibly re-architect their security posture," Kevin Haley, director of Symantec Security Response, said in a press release.

And that advice applies to government organizations as well. As evidenced by the recent discovery of the Heartbleed bug, which brought into question the security of countless websites across the web, including Healthcare.gov.

According to Symantec's study, 77 percent of sites had "exploitable vulnerabilities," with nearly 13 percent containing a "critical vulnerability."

But there are some bright spots in Symantec's report: New malicious web domains decreased by 24 percent, the number of bot-infected computers dropped by 33 percent year over year, and the number of successfully blocked web-based cyberattacks increased by 23 percent.

For Symantec's full report, click here [PDF].